The EU’s top court has ruled that uncontrolled mass surveillance of mobile and internet information is illegal, in a movement that could curb the powers of spying agencies in France and other European Union countries.
Privacy rights advocacy groups brought the situation and the outcome is very likely to reverberate beyond the EU as governments in the United States and China have awakened surveillance programs in the name of national safety.
The EU’s Court of Justice said that the general and indiscriminate retention of such information can only be permitted if authorities face a “serious threat to national security”.
In this type of situation, the full access to phone and internet users’ data should be limited to a period that is “strictly necessary”, it said in a statement.
“Such an interference with fundamental rights must come with effective safeguards and be assessed by a court or by an independent administrative authority,” the court said.
The ruling “functions as a reminder that no government should be above the law,” said Caroline Wilson Palow, legal director of Privacy International, one of the plaintiffs.
“Democratic societies must place limits and controls on the surveillance powers of our police and intelligence agencies.”
The ruling by the European Union’s highest court also allowed the collection and retention of IP addresses within the same limits when it is “strictly necessary.”
National courts should not take into account information collected by authorities that fail to follow the principles stated in the ruling, the EU court said.
However, the court left room for interpretation of the principles stated in its ruling, as it is up to EU member states to define what constitutes a “serious danger for national security.”
Under the ruling, people seriously suspected of involvement in “terrorist activities” could be spied on and tracked on line in real-time.
Mass surveillance tools can be used past a predetermined time limit if the threat persists.
The Luxembourg-based authority’s choice comes at a vital time for EU institutions, which are in the middle of preparing a brand new version of the e-privacy directive, which defines privacy rights with respect to digital communications.
The new e-privacy regulation is set to finish the EU’s data privacy legal apparatus alongside the General Data Protection Regulation (GDPR), adopted a couple of years ago.
The court’s decision also comes three months after a previous judgment that invalidated a transatlantic data transport deal due to concerns regarding US surveillance.
The team at Platform Executive hope you have enjoyed this news article. Initial reporting via our official content partners at Thomson Reuters. Reporting by Mathieu Rosemain. Additional reporting by Douglas Busvine. Editing by Alison Williams, Alexander Smith and Susan Fenton.
To stay on top of the latest developments across the platform economy and gain access to our problem-solving tools, databases and comprehensive content sets, you can become a member for just $7 per month.